Vulnerability in Cisco Aironet Access Point Software
CVE-2024-20265
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected de…
EPSS: 0.000 (3.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Cisco Aironet Access Point Software — versions 8.2.100.0, 8.2.130.0, 8.2.111.0
- Cisco Aironet Access Point Software (Ios Xe Controller) — versions 16.10.1e, 16.10.1, 17.1.1t
- Cisco Business Wireless Access Point Software — versions 10.0.1.0, 10.0.2.0, 10.1.1.0
- Cisco Ios Xe Software — versions N/A
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2024-20265?
- CVE-2024-20265 is a medium-severity vulnerability in Cisco Aironet Access Point Software, classified under Trust Boundary Violation. CVSS score: 5.9/10. Published 2024-03-27.
- How severe is CVE-2024-20265?
- Medium severity. CVSS v3 base score is 5.9 out of 10.